questdb / nodejs-questdb-client

QuestDB Node.js Client

Reduce the number of necessary parameters when using ILP auth #13

Closed javier closed 9 months ago

javier commented 1 year ago

For connecting via ILP auth, only the key_id and the private_key/d parameter should be needed. However, this client also requests the public key pair, which is annoying as those are not really needed, and the developer needs to treat them as secrets.

Some official clients like Go, Java, or C# don't need the extra parameters.

Once changed, the documentation should be updated to reflect the simplified connection params.

glasstiger commented 1 year ago

The difference is that the node.js client produces the private key from the JWK format provided as input. The Java client, for example, just takes the private key directly.

Java:

    public final void authenticate(String keyId, PrivateKey privateKey);

The node.js client uses this API to create the private key from JWK format:

Creates and returns a new key object containing a private key.
If key is a string or Buffer, format is assumed to be 'pem';
otherwise, key must be an object with the properties described above.
If the private key is encrypted, a passphrase must be specified.
The length of the passphrase is limited to 1024 bytes.

Since: v11.6.0

    function createPrivateKey(key: PrivateKeyInput | string | Buffer | JsonWebKeyInput): KeyObject;

glasstiger commented 1 year ago

Actually the Java code has a method to generate the PrivateKey from the string, see below. I think if we had something similar in javascript that would help. We could probably create a PrivateKeyInput from the string token but this needs some digging in the cryptography libraries.

Java:

    public static PrivateKey importPrivateKey(String encodedPrivateKey) {
        byte[] dBytes = Base64.getUrlDecoder().decode(encodedPrivateKey);

        try {
            BigInteger privateKeyInt = new BigInteger(1, dBytes);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(EC_ALGORITHM);
            AlgorithmParameterSpec prime256v1ParamSpec = new ECGenParameterSpec(EC_CURVE);
            keyPairGenerator.initialize(prime256v1ParamSpec);
            ECParameterSpec parameterSpec = ((ECKey) keyPairGenerator.generateKeyPair().getPrivate()).getParams();
            ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(privateKeyInt, parameterSpec);
            return KeyFactory.getInstance(EC_ALGORITHM).generatePrivate(privateKeySpec);
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | InvalidKeySpecException ex) {
            throw new IllegalArgumentException("Failed to decode " + encodedPrivateKey, ex);
        }
    }
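
An added example, not code from this issue or from the QuestDB client: one way Node.js can rebuild the full P-256 JWK from `d` alone, deriving the public point with `crypto.createECDH` so that the caller supplies only the key id and the private key. The function names `jwkFromPrivateScalar`, `privateKeyFromScalar` and `roundTrip` are hypothetical, and the key pair is a throwaway generated for the demonstration.

```javascript
const crypto = require('node:crypto');

// Rebuild a complete P-256 JWK from the private scalar `d` alone.
// `d` is the base64url string the user already holds; x and y are derived.
function jwkFromPrivateScalar(d) {
  const dBytes = Buffer.from(d, 'base64url');
  if (dBytes.length !== 32) {
    // Do not echo `d` in the message: error text tends to end up in logs.
    throw new Error('private key must decode to exactly 32 bytes');
  }
  const ecdh = crypto.createECDH('prime256v1');
  ecdh.setPrivateKey(dBytes); // also computes the matching public point
  const point = ecdh.getPublicKey(); // uncompressed: 0x04 || X(32) || Y(32)
  return {
    kty: 'EC',
    crv: 'P-256',
    d: dBytes.toString('base64url'),
    x: point.subarray(1, 33).toString('base64url'),
    y: point.subarray(33, 65).toString('base64url'),
  };
}

// Hypothetical helper: the KeyObject a client could build from `d` only.
function privateKeyFromScalar(d) {
  return crypto.createPrivateKey({ key: jwkFromPrivateScalar(d), format: 'jwk' });
}

// Constructed check: make a throwaway key pair, keep only `d`, rebuild the
// JWK, then sign and verify a random challenge with the rebuilt key.
function roundTrip() {
  const { privateKey, publicKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const original = privateKey.export({ format: 'jwk' });
  const rebuilt = jwkFromPrivateScalar(original.d);
  const challenge = crypto.randomBytes(64);
  const signature = crypto.sign('sha256', challenge, privateKeyFromScalar(original.d));
  return {
    samePoint: rebuilt.x === original.x && rebuilt.y === original.y,
    verifies: crypto.verify('sha256', challenge, publicKey, signature),
  };
}

console.log(roundTrip());
```

Because x and y are recomputed from `d`, the only secret the developer has to store and protect is `d` itself.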